Be sure to send any manual pages, patches, .desktop files and so on upstream. If the patches are hacks to workaround upstream brokenness, please replace them with patches do the right thing as upstream would (ie, make things more configurable) and send them upstream

Use dpkg-source v3 for patches rather than anything else.

Don't apply lintian overrides unless necessary. Bugs in lintian or other packages should not be overridden

Remove comments unless they explain something non-trivial, or give reasoning for some action

Avoid using bashisms in your debian/rules file or other scripts

Avoid more than one copy of the version number in the get-orig-source target

Use --rsyncable when compressing the tarball in get-orig-source or the uscan script

Use debhelper commands rather than other commands because they are more likely to give policy-compliant results.

Remove embedded code copies if you happen to need to repack the tarball.

When embedded code copies are necessary, notify the security team so they can track vulnerabilities more effectively.

The debian/copyright file must contain licence and copyright information for every file in the source package. Images, fonts and other binary files are commonly missed.

If you have a lot of embedded code copies that are not used in the binary package, you may want to have a separate debian/package.copyright for the binary package.

If available, add the homepage source package stanza in the control file. At some point it would be nice to have Homepage as a separate field collaboratively edited from packages.debian.org. Use that if it ever happens.

When adopting packages, preserve the history in debian/changelog and debian/copyright